German privacy authorities criticise data retention
The data protection commissioners of 14 of Germany’s 15 states (Laender) as well as the National commissioner, Peter Schaar, have severely criticised the EU plan for mandatory traffic data retention and called upon the German government to vote against the proposal in the EU council of ministers. “There are good reasons why the national legislator has just denied to introduce mandatory data retention”, the official data protectors declared: “The confidentiality of telecommunications, which is guaranteed under the German constitution, only allows for the storage of data on the use of public telecommunication networks – and in particular of the internet – in cases of tangible evidence of a severe crime.”
Nevertheless, Germany’s minister of Interior Affairs, Otto Schily, is known to be the driving force behind a new law to introduce mandatory data retention in Germany and to also put pressure on other EU states’ governments to introduce similar measures.
While the EU wants all member states to store the extreme amounts of data virtually all citizens produce when they use the Internet, a mobile or fixed phone or any other communication device, it claims the data will be used only in very limited cases, in particular in connection with combating terrorism. The example of Great Britain, where many telecommunication providers already store the data under a so-called voluntary scheme, has shown however that there is a tendency with police forces to make use of the data, once it is stored, even where they suspect only minor infringements. Under the EU Directive on the Enforcement of Intellectual Property Rights, internet service providers could be forced to provide large amounts of data on users suspected of exchanging copyrighted files on peer-to-peer networks.
“General retention of telecommunication data”, the German commissioners add, “would hinder the fundamental rights on freedom of speech and on access to information. Processing of internet use habits reveals interests, preferences, and political affiliations of users. It is also highly questionable whether the proposed Framework Decision is compliant with Article 8 of the European Convention on Human Rights, which deals with the protection of privacy and communications. The European court of Human Rights has already pointed out that member states cannot justify any measure they consider appropriate with the fight against terrorism.”
As EDRI has learned from the European Commission, the Article 29 Working Party, which is composed of the 25 national data protection commissioners of all EU member states, is also preparing an opinion on data retention. A report that has been drafted by CNIL, the French DP authority, was discussed on 26 June in Brussels. It will be voted in a written procedure within the next few weeks. “By mid-July we should know whether there will be an opinion of the Working Party”, a Commission source said.
Opinion German data protection commissioners (25.06.2004)
http://www.lda.brandenburg.de/sixcms/detail.php?id=161413&template=druck_lda
Article 29 Working Party: Opinion 1/2003 on the storage of traffic data for billing purposes (29.01.2003)
http://www.europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp69_en.pdf
‘New German proposal for mandatory data retention’ (02.06.2004)
http://www.edri.org/cgi-bin/index?id=000100000151
(Contribution by Andreas Dietl, EDRI EU affairs director)